Extended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
Static task: static1
Behavioral task: behavioral1
  Sample: Altruistic.exe
  Resource: win7-20220901-en
Behavioral task: behavioral2
  Sample: Altruistic.exe
  Resource: win10v2004-20220901-en
Target: Altruistic.exe
Size: 17.3MB
MD5: c5000c5d7369173e5bedfe49284f1c1b
SHA1: a8999340c88405ea3304fc6d784adef00b59f0bb
SHA256: 527fe940973bca1b42f24ee65f52b1b0fccb2aeef8e41a3dd7ffbafa5c2adc6f
SHA512: df350a81b4ace8a3e2010a8f2ec2243c018bf75e751f81d56b4c76aaa8212ff21880a795ede9c91268124cae8f9780be1cf8421096f83b2d301eb9cb5ace871d
SSDEEP: 393216:KtbdezQc/I9YlwTb3LFobJsv6tWKFdu9C52VRItc:KRrYlCLIc
CN=Cowan Innovations Inc.,O=Cowan Innovations Inc.,ST=Ontario,C=CA
CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB
CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB
CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ